Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 8:13 p.m.5 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

5.3CVSS5.7AI score0.00328EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/05 7:48 p.m.31 views

CVE-2026-40331

Summary: Masa CMS is affected by an unauthenticated SQL injection via the altTable parameter in the JSON API for multiple versions (7.2.0–7.2.9, 7.3.0–7.3.14, 7.4.0–7.4.9, 7.5.0–7.5.2). The vulnerability arises because the value passed to setAltTable() is stored without validation and is inserted...

9.3CVSS5.9AI score0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/03 4:43 p.m.8 views

EUVD-2024-30445

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

7.5CVSS6.3AI score0.00318EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/03 4:43 p.m.6 views

CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

7.5CVSS6.4AI score0.00318EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/03 4:37 p.m.5 views

EUVD-2024-30444

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

8.8CVSS6.5AI score0.00171EPSS
Exploits1References2
NVD
NVD
added 2025/08/11 9:15 p.m.11 views

CVE-2024-32640

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...

9.8CVSS0.70366EPSS
Exploits3References7
Cvelist
Cvelist
added 2025/08/11 8:38 p.m.15 views

CVE-2024-32640 MasaCMS SQL Injection vulnerability

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...

9.8CVSS0.70366EPSS
Exploits3References7
EUVD
EUVD
added 2025/08/11 8:38 p.m.8 views

EUVD-2024-30442

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for th...

9.8CVSS8.3AI score0.70366EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2023/02/01 2:15 p.m.3 views

CVE-2022-47002

A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request...

9.8CVSS7.4AI score0.06253EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-15129 · Masacms · Masacms

Name of the Vulnerable Software and Affected Versions: Masa CMS versions 7.2 through 7.4-beta Description: A vulnerability in the Remember Me function of Masa CMS allows attackers to bypass authentication via a crafted web request. Recommendations: For versions 7.2 through 7.4-beta, consider...

9.8CVSS9.3AI score0.06253EPSS
Exploits1References8
Rows per page
Query Builder